Secure content augmentation systems and methods

ABSTRACT

The disclosure relates to, among other things, systems and methods for augmenting and/or otherwise supplementing content using watermarks. Consistent with embodiments disclosed herein, a user device such as a smartphone may be used to retrieve watermark information encoded in a watermark. The watermark information may comprise content that supplements an associated content item, link and/or location information that may be used to retrieve supplemental content, and/or the like. In some embodiments, the watermark information may comprise cryptographic and/or other access token information used to decrypt and/or otherwise access supplemental content.

RELATED APPLICATION

This application claims the benefit of priority under 35 U.S.C. § 119(e)to U.S. Provisional Patent Application No. 63/011,590, filed Apr. 17,2020, and entitled “AUGMENTED PHOTOGRAPH SYSTEMS AND METHODS,” thecontents of which is hereby incorporated by referenced in its entirety.

COPYRIGHT AUTHORIZATION

Portions of the disclosure of this patent document may contain materialwhich is subject to copyright protection. The copyright owner has noobjection to the facsimile reproduction by anyone of the patent documentor the patent disclosure, as it appears in the U.S. Patent and TrademarkOffice patent file or records, but otherwise reserves all copyrightrights whatsoever.

SUMMARY

The present disclosure relates generally to systems and methods foraugmenting content. More specifically, but not exclusively, the presentdisclosure relates to systems and methods for securely augmentingcontent, which may comprise 2-dimensional (“2D”) content (e.g., aphotograph, an identification card, etc.), using a watermark thatcontains supplemental information and/or information that may be used toretrieve supplemental information.

Conventional image content, including photographs, may store relativelylimited information. For example, conventional photographs may comprisestatic 2D images capturing a snapshot of an event occurring withinthree-dimensional (“3D”) space. An individual viewing the photograph mayonly be provided with a single point of view of the captured event andmay not be readily able to obtain further detail and/or perspectiveswithout viewing additional photographs. When multiple photographs arecaptured and viewed together, a viewing individual may need to placethem in proper sequence and/or context to better understand an actualevent in question.

Conventional image content may further lack interactivity, asindividuals may not interact with photographs in the same way that theyinteract with the physical world and/or with certain digital images on acomputer. For example, an individual may not be able to zoom in or outwith a conventional photograph, rotate around the subject of thephotograph, and/or see an animated version of the photograph.

Conventional photographs may, in some circumstances, be used as a formof identification. For example, a photograph may be included on anidentification card associated with an individual. Conventionalphotographs used as a form of identification, however, may introducechallenges when two individuals resemble one another. Using photographsin identification cards to authenticate an individual's true identitymay also be prone to error, especially if the individual's appearancehas changed (e.g., weight gain, hairstyle changes, etc.). Furthermore,the lack of an ability to zoom into a conventional photograph may makeit more difficult to scrutinize and differentiate facial featuresdepicted in photographic identification.

In some circumstances, photographs may be captured of privateindividuals and/or events. It may be desirable for such photographs tonot be distributed widely and/or otherwise be distributed in acontrolled manner. A conventional photograph, however, is a static imagethat allows an individual possessing the photograph to access all itsdepicted information without privacy controls.

Consistent with embodiments disclosed herein, a variety of techniquesfor augmenting and/or otherwise supplementing content using watermarksare described. In some embodiments, a watermark may include and/orotherwise encode information. Using a device (e.g., a smartphone with acamera system and/or the like), a user may retrieve information encodedin the watermark. For example, in some embodiments, a camera systemassociated with a device may be used to capture image informationassociated with a watermark.

The encoded information, which may be generally referred to herein incertain instances as watermark information, may comprise content thataugments and/or otherwise supplements content associated with thewatermark. In further embodiments, the encoded information may comprisea link and/or other identification information that may be associatedwith a location and/or a service where a device may access augmentingand/or supplemental content. In various embodiments, a device used toaccess watermark information may exchange authentication credentialswith a service to retrieve the augmenting and/or supplemental content.Upon receiving valid credentials and confirming authorization to viewsupplemental content, the service may provide the supplemental contentand/or the cryptographic keys and associated rights to the device tosecurely control access to the supplemental content.

A variety of watermarks may be used in connection with various aspectsof the disclosed embodiments. In some embodiments, watermarks may beperceivable and/or otherwise visible when viewing the watermark. Infurther embodiments, however, the watermark may not be perceivableand/or otherwise visible to a user's naked eye, but may be able to bedetected by a system of a device (e.g., a camera system and/or thelike). Watermarks may be bound to associated content, potentiallytightly and/or securely, and/or may comprise unbound and/or otherwisediscrete watermarks.

Information encoded within watermarks may, in some embodiments, beencrypted and/or otherwise protected. For example, to access encryptedwatermark information in the clear, a device may be required to decryptthe encrypted watermark information using a cryptographic key (e.g.,decrypting the watermark information by the device directly and/or byinteracting with another system and/or service). In further embodiments,watermark information may be unencrypted. In yet further embodiments,watermark information may comprise a cryptographic key, which may or maynot be encrypted itself, that may be used in connection with variouscryptographic operations and/or applications.

In at least one non-limiting example implementing various embodimentsdisclosed herein, photographs may be augmented with a watermark and/orother information that may contain information regarding augmentedinformation and/or otherwise associated with the photograph. Forexample, in some embodiments, a watermark included on a photograph mayinclude information about a 3D version of the photograph, 3D versions ofobjects included in the photograph, and/or higher resolution versions ofthe photograph and/or other supplemental content information. When auser of an augmented reality (“AR”) device views an augmented photographconsistent with embodiments disclosed herein, the device may render the3D image in space over the 2D static photograph image (e.g., virtuallysuperimposed over a view of static image in a display of the deviceand/or in a projection generated by the device), may provide access tothe higher resolution version of the photograph, and/or display thesupplemental content information. It will be appreciated, however, thatvarious embodiments disclosed herein may be implemented in connectionwith a wide variety of other use cases, contexts, architectures, and/orapplications.

BRIEF DESCRIPTION OF THE DRAWINGS

The inventive body of work will be readily understood by referring tothe following detailed description in conjunction with the accompanyingdrawings, in which:

FIG. 1 a illustrates an example of a user viewing a photograph augmentedwith watermark information consistent with certain embodiments of thepresent disclosure.

FIG. 1 b illustrates an example of a user viewing a photograph includinga watermark using a user device providing augmented realityfunctionality consistent with certain embodiments of the presentdisclosure.

FIG. 2 a illustrates an example of gesture-based interactive control ofaugmenting information associated with a photograph consistent withcertain embodiments of the present disclosure.

FIG. 2 b illustrates another example of gesture-based interactivecontrol of augmenting information associated with a photographconsistent with certain embodiments of the present disclosure.

FIG. 3 illustrates an example of authenticating access to supplementalinformation associated with content by a device through interacting witha service consistent with certain embodiments of the present disclosure.

FIG. 4 illustrates an example of an interaction with a watermarkincluding encrypted information consistent with certain embodiments ofthe present disclosure.

FIG. 5 illustrates an example of an interaction with a watermarkincluding decryption information consistent with certain embodiments ofthe present disclosure.

FIG. 6 illustrates a flow chart of an example of a method of managingaccess to supplemental information associated with content consistentwith certain embodiments disclosed herein.

FIG. 7 illustrates a flow chart of an example of a method of accessingsupplemental information associated with content using securely boundwatermarks consistent with certain embodiments disclosed herein.

FIG. 8 illustrates a system that may be used to implement certainembodiments of the systems and methods of the present disclosure.

DETAILED DESCRIPTION

A detailed description of the systems and methods consistent withembodiments of the present disclosure is provided below. While severalembodiments are described, it should be understood that the disclosureis not limited to any one embodiment, but instead encompasses numerousalternatives, modifications, and equivalents. In addition, whilenumerous specific details are set forth in the following description inorder to provide a thorough understanding of the embodiments disclosedherein, some embodiments can be practiced without some or all of thesedetails. Moreover, for the purpose of clarity, certain technicalmaterial that is known in the related art has not been described indetail in order to avoid unnecessarily obscuring the disclosure.

The embodiments of the disclosure may be understood by reference to thedrawings. The components of the disclosed embodiments, as generallydescribed and illustrated in the figures herein, could be arranged anddesigned in a wide variety of different configurations. Thus, thefollowing detailed description of the embodiments of the systems andmethods of the disclosure is not intended to limit the scope of thedisclosure but is merely representative of possible embodiments of thedisclosure. In addition, the steps of any method disclosed herein do notnecessarily need to be executed in any specific order, or evensequentially, nor need the steps be executed only once, unless otherwisespecified.

Embodiments of the disclosed systems and methods may provide a varietyof techniques for augmenting and/or otherwise supplementing contentusing watermarks. Consistent with embodiments disclosed herein, using adevice such as, for example and without limitation, a smartphone device,a user may retrieve watermark information encoded in a watermark. Thewatermark information may comprise content that supplements anassociated photograph and/or other content item (e.g., an identificationcard and/or the like), link and/or location information that may be usedto retrieve content that supplements the photograph and/or other contentitem, cryptographic information, and/or the like. As described in moredetail below, embodiments of the disclosed systems and methods mayemploy secure watermarks in a variety of applications, contexts, and/oruse cases, including for example and without limitation, photographaugmentation, supplementing additional content and/or information withan identification card, various cryptographic content operations, and/orthe like.

Watermarks and Watermark Security

A variety of watermarks may be used in connection with various aspectsof the disclosed embodiments. In various disclosed embodiments,watermarks may be associated with other content such as, for example andwithout limitation, a photograph, an identification card, a document,and/or the like. Although various embodiments and/or examples may bedescribed herein as using a watermark to associate supplementalinformation with a photograph and/or identification card, it will beappreciated that variety of other types of content, documents, and/orthe like may be used in connection with the various watermarkingtechniques disclosed herein and/or aspects thereof. Moreover, it will befurther appreciated that certain aspects of the disclosed systems andmethods may not necessarily be employed in connection with watermarkingphotographs, identification cards, documents, and/or other content, butmay be alternatively and/or additionally be used in other contexts suchas access control and/or rights management systems and/or services.

In some embodiments, watermarks may comprise discrete watermarks and/orotherwise be separate from associated content. For example and withoutlimitation, a watermark may be printed and/or displayed in a corner of aphotograph and/or an identification card. In further embodiments,watermarks may be integral to associated content. For example andwithout limitation, a watermark may be printed and/or displayed over aphotograph and/or an identification card.

In some embodiments, watermarks may be perceivable and/or otherwisevisible when viewing the watermark. In further embodiments, a watermarkmay not be perceivable and/or otherwise visible to a user's naked eye,but may be able to be detected by user device. Watermarks may be boundto associated content, potentially tightly and/or securely (e.g. via analgorithm based on visual characteristics and/or in conjunction withcryptographic functions), and/or may comprise unbound and/or otherwisediscrete watermarks.

Watermarks may encode a variety of watermark information. In someembodiments, watermark information may comprise supplemental and/oraugmenting information. In further embodiments, the watermarkinformation may comprise a link and/or other identification informationthat may be associated with a location and/or a service where a devicemay access augmenting and/or supplemental content and/or otherinformation.

In various embodiments, watermark information may comprise informationthat may be used to redeem other information and/or request otherinformation (e.g., tokens). Watermark information may further comprisecryptographic information such as, for example and without limitation,cryptographic keys that, in some implementations, may be used to decryptsupplemental content and/or other information. In some embodiments,watermark information may comprise rights objects that may bind accesspermissions with encrypted key material such that authorized softwaremay decrypt encrypted key material to use to access the supplementalcontent in accordance with the associated rights and/or permissions.

Information encoded within watermarks may, in some embodiments, beencrypted and/or otherwise protected. For example, to access encryptedwatermark information in the clear, a device may be required to decryptthe encrypted watermark information using a cryptographic key (e.g.,decrypting the watermark information by the device directly and/or byinteracting with another system and/or service). In further embodiments,watermark information may be unencrypted and/or otherwise in the clear.In yet further embodiments, watermark information may comprise acryptographic key, which may or may not be encrypted itself, that may beused in connection with various cryptographic operations and/orapplications. For example, in some embodiments, and as discussed in moredetail below, watermark information may comprise an encrypted key thatmay be decrypted using another key (e.g., a key associated with and/orstored by the device and/or another service, a key retrieved by thedevice from a service, a key retrieved by a device from the contentassociated with the watermark (e.g., such as from a near fieldcommunication (“NFC”) chip included on an identification card).

In some embodiments, watermarks may be static in nature. For example, awatermark embedded within an image may be physically associated with theimage and may thus be relatively static. In further embodiments,watermarks (and/or associated content items) may be dynamic in natureand may be updated and/or changed over time. For example and withoutlimitation, a watermark may be displayed via a dynamic display systemand/or component associated with content, an identification card, adocument, and/or some other type of content and/or item.

As discussed above, certain watermarks may be relatively easy tovisually identify on an image. In some circumstances, such watermarksmay be read by a device with relatively high reliability. Certainvisible watermarks, however, may also be relatively easy to tamper with,remove, replace, copy, and/or alter. Information encoded within and/oraccessible using such watermarks may also be susceptible to access viaunauthorized duplication of an image, as they may survive copying atrelatively low-resolution and/or via digital photography.

Watermarks offering potentially greater security may be embedded and/orhidden within associated content (e.g., an image) in a manner which isdifficult to detect without knowledge of the technique and/or algorithmused to place the watermark and/or read the information encoded in thewatermark. In some embodiments, such watermarks may be embedded multipletimes within content (and/or using multiple watermarking techniques) forredundancy and/or additional resistance to tampering.

In some embodiments, a watermark may include information relating tocontent associated with the watermark (e.g., an image in which thewatermark is embedded). Such a watermark may be relatively difficult toremove from an encompassing image without altering the imagesignificantly and/or in an otherwise detrimental manner. Likewise, ifsuch a watermark were to be copied and incorporated into a differentimage (e.g., as in the case of an attempt to produce a fraudulentassociation with another image and/or a forged identification card), anincorrect association between image characteristics and the data encodedin the watermark may be detected. In further embodiments, a watermarkmay be made resistant to tampering of the information encoded within thewatermark in a manner which would destroy a relationship with anassociated image and/or other content. In some embodiments, watermarksmay be embedded in a manner that allows a watermark to withstand copyingof associated content or embedded in a way such that a copy of thecontent and/or the associated watermark renders the content and/orassociated watermark unusable and/or altered from the original.

In some embodiments, watermarks and/or associated watermark informationmay be protected by other watermarks and/or other data and/orinformation (e.g., data provided by an NFC chip included on content thewatermark is associated with). In at least one non-limiting example, acryptographic hash of a visually identifiable and/or readable firstwatermark may be protected by embedding a hashed and/or encryptedversion of the watermark information in one or more other secondwatermarks associated with content that are more difficult to detectand/or remove. Comparing a hash of the first watermark information witha hash retrieved from one or more of the second watermarks may revealinconsistences that may be indicative of tampering and/orunauthenticity.

User Devices and Service Systems

Watermark information may be read and/or otherwise retrieved from awatermark by a user device and/or an associated subsystem and/orcomponent of a user device. For example and without limitation, in someembodiments, a camera system associated with a device may be used tocapture a watermark and/or associated encoded watermark information. Itwill be appreciated, however, that a variety of other subsystems and/orcomponents of a user device may be used to capture, retrieve, and/orotherwise read watermark information.

A variety of user devices may be used in connection with various aspectsof the disclosed embodiments. A user device may comprise, for exampleand without limitation, one or more laptop computer systems, desktopcomputer systems, mobile devices, smartphones, table computers,augmented reality (“AR”) glasses, virtual reality (“VR”) headsets and/orother devices, photo scanners, near field reader devices, wirelesstransceiver devices, and/or any other type of suitable computer systemand/or device. In some embodiments, a user device may execute trustedsoftware for authenticating a user of the device, evaluating a user'sauthorization to view information (e.g., watermark information and/orassociated retrieved information), evaluating and/or enforcing policiesassociated with information access, secure storage and/or management ofcryptographic keys, unique identifiers, and/or the like. User devicesmay further comprise one or more secure execution environments, trustedexecution environments (“TEE”), secure processing units (“SPUs”), and/orany other suitable secure execution spaces. Although described generallyherein as a user device for purposes of illustration and explanation, itwill be appreciated that a user device may comprise a device associatedwith a system and/or service and not necessarily with a particular user.

Consistent with embodiments disclosed herein, a user device may interactwith a service system, which in certain instances may comprise a networkaccessible service system, in connection with various watermarkoperations. In some embodiments, the service system may further interactwith one or more other services and/or devices. The service system maycomprise, for example and without limitation, one or more laptopcomputer systems, desktop computer systems, server computer systems,distributed computer systems, and/or any other type of computing systemand/or device.

The service system may provide a variety of operations and/or functionsincluding, for example and without limitation, storing, management,and/or provisioning of supplemental content information, access control,authentication, and/or rights management associated with interactionswith supplemental content information, key provisioning services,cryptographic services (e.g., encryption and/or deception services),policy enforcement and/or management, and/or the like. Although variousembodiments disclosed herein describe a service system as being separatefrom a user device, it will be appreciated that in further embodiments,various functionality of a user device and/or a service system may beintegrated in a single device, system, and/or service, and/or anysuitable combination of devices, systems, and/or services.

The user device, service system, and/or one or more other associatedsystems and/or services may comprise a variety of computing devicesand/or systems, including any computing system or systems suitable toimplement embodiments of the various systems and methods disclosedherein. In certain embodiments, the user device, service system, and/orone or more other associated systems and/or services may comprise atleast one processor system configured to execute instructions stored onan associated computer-readable storage medium. As discussed in moredetail below, the user device, service system, and/or other associatedsystems and/or services may further comprise a TEE and/or a SPU that maybe configured to perform sensitive operations such as trusted credentialand/or key management, secure policy and/or rule enforcement and/ormanagement, and/or other aspects of the systems and methods disclosedherein.

The user device, service system, and/or other associated systems and/orservices may further comprise software and/or hardware configured toenable electronic communication of information between the device,service, and/or other services and/or systems via a network using anysuitable communication technology, standard, and/or combinationsthereof. The user device, service system, and/or other associatedsystems and/or services may be communicatively coupled using a varietyof networks and/or network connections. In certain embodiments, thenetwork connections may comprise a variety of network communicationdevices and/or channels and may utilize any suitable communicationsprotocols and/or standards facilitating communication between the userdevice, service system, and/or other systems and/or services.

The network connections may comprise Internet, a local area network, avirtual private network, and/or any other communication networkconnections utilizing one or more electronic communication technologiesand/or standards (e.g., Ethernet or the like). In some embodiments, thenetwork connections may comprise a wireless carrier system such as apersonal communications system (“PCS”) and/or any other suitablecommunication system incorporating any suitable communication standardsand/or protocols. In further embodiments, the network connections maycomprise an analog mobile communications network connections and/or adigital mobile communications network connections utilizing, for exampleand without limitation, code division multiple access (“CDMA”), GlobalSystem for Mobile Communications or Groupe Special Mobile (“GSM”),frequency division multiple access (“FDMA”), and/or time divisionalmultiple access (“TDMA”) standards. In certain embodiments, the networkconnections may incorporate one or more satellite communication links.In yet further embodiments, the network connections may utilize IEEE's802.11 standards, Bluetooth®, ultra-wide band (“UWB”), Zigbee®, and/orany other suitable standard or standards.

Supplemental and/or Augmenting Information

Various types of supplemental information and/or content, which incertain instances herein may be described as augmented informationand/or content and/or augmenting information and/or content, may beencoded within and/or otherwise be associated with a watermarkconsistent with embodiments disclosed herein (e.g., associated withcontent via link information, location information, and/or the like).Certain types of supplemental information may not involve securityprotections including, for example and without limitation, metadataassociated with associated image content, metadata and/or descriptioninformation associated with the image content and/or an individualappearing the image content that may be discernable from the content(e.g., hair color, eye color, gender, etc.), and/or the like. In someembodiments, this type of information may be associated with and/orotherwise encoded within a watermark having a relatively low level ofsecurity.

Other supplemental information, however, such as, for example andwithout limitation, AR and/or VR data, video content, 3D facialrecognition data, image transformation data (e.g., automated ageprogression data, tattoo simulation and/or removal data, hair colorand/or hair style transformation data, height data, weight data,fingerprint data), and/or the like, may be encoded within (and/or linkedby) watermarks and/or associated service systems employing a relativelyhigher-level of security. As discussed in more detail below, access tosuch higher security information may, in some embodiments, use locallyretrieved information from associated content as part of the securityprotection mechanisms (e.g., information retrieved from an NFC chipintegrated into a content item while in proximity to a user deviceand/or the like).

Watermarking Photographs with Augmenting Information

Consistent with various embodiments of the disclosed systems andmethods, 2D photographs may be supplemented and/or otherwise augmentedwith a watermark and/or other information that may contain informationabout supplemental information regarding and/or otherwise associatedwith the photograph. Although various embodiments are described hereinas using a watermark to augment a photograph, it will be appreciatedthat a variety of other methods for augmenting a photograph may also beused.

FIG. 1 a illustrates an example of a user 104 viewing a photograph 102supplemented with watermark information 100 consistent with certainembodiments of the present disclosure. In some embodiments, thewatermark 100 may be perceivable and/or otherwise visible when viewingthe photograph 102. In further embodiments, however, the watermark 100may not be perceivable and/or otherwise visible to a user's naked eyewhen viewing the photograph 102, but may be able to be detected by animaging system of an AR device such as a smart phone and/or an AR and/orVR-equipped wearable device.

FIG. 1 b illustrates an example of a user viewing a photograph includinga watermark 100 using a user device 106 providing AR functionalityconsistent with certain embodiments of the present disclosure. Thewatermark 100 may encode augmenting and/or supplemental informationassociated with the photograph. For example, in some embodiments, awatermark 100 included on a photograph 102 may include information abouta 3D version of the photograph and/or 3D versions of objects 110included in the photograph. When a user of the smartphone device 106providing AR services views the augmented photograph 102 consistent withembodiments disclosed herein, the device 106 may render the 3D imageand/or object 110 in space over the 2D static photograph image (e.g.,virtually superimposed over a view of a static image in a display of thedevice 106). Although various embodiments of the disclosed watermarks100 are described herein as encoding 3D information (and/orlink/location information for accessing associated 3D information), itwill be appreciated that a variety of other types of supplementaryinformation may be encoded in a watermark consistent with the disclosedembodiments.

In some circumstances, a watermark 100 may encode and/or otherwiseinclude a limited amount of information. Accordingly, in someembodiments, the watermark 100 may encode and/or otherwise include alink and/or otherwise identify a location where a device 106 may accessaugmenting and/or supplementing information associated with thephotograph 102. In further embodiments, the watermark 100 may includeinformation that the device 106 may use to access information from anaugmented information service.

For example, as illustrated in FIG. 1 b , a watermark 100 may encodeinformation identifying a service 108 providing supplementalinformation. The watermark 100 may further include information that theuser device 106 may use to access supplemental information associatedwith the photograph 102 from the service 108. Using the watermarkinformation 114, the device 106 may issue a request for the augmentedinformation associated with the photograph 102 to the service 108. Basedon the information included in the received request, the service 108 mayaccess the augmented and/or supplemental information 112 associated withthe watermark 100 and/or photograph 102 and return it to the user device106. The user device 106 may then render the supplemental information tothe user (e.g., by rendering a 3D image 110 in space over the 2D staticphotograph image 102 and/or the like).

In some embodiments, security techniques may be employed by the userdevice 106 and/or the service system 108 to ensure only authorized usersare permitted to access to supplemental information 112 such as 3Drendering information. For example, a photographer may set permissionson a photograph 102 and only allow those with password access to viewsupplemental information 112 associated with the 2D image such as 3Drendering information. A user possessing the photograph 102 may view the2D printed image, but may not view the supplemental information 112and/or 3D rendering information with their device 106 without firstauthenticating access (e.g., by entering a correct password via thedevice 106 and/or the like).

In certain embodiments, access control security may be enforced by theuser device 106. In further embodiments, access control security may beenforced by the service system 108 in connection with responding toaccess control requests issued by a user device 106.

In some embodiments, as discussed in more detail below, augmentedinformation 112 may be stored and/or provisioned to a user device 106 inan encrypted format by the information service. The watermark 100 maycomprise key information that may be used to decrypt the augmentedinformation 112. In certain embodiments, the key information may becommunicated to the service system 108 and be used by the informationservice to decrypt the augmented information prior to transmitting theinformation to the user device 106. In further embodiments, the servicesystem 108 may communicate the encrypted augmented information to theuser device 106 and the device may use key information included in thewatermark 100 (and/or otherwise stored by the user device 106) todecrypt the received augmented information.

Interaction with Supplemental Information

Various embodiments disclosed herein may enable a variety of dynamicuser interactions with watermarked photographs. For example, using an ARdevice and watermark information included in a photograph, a user may beable to zoom in and out of augmented photograph information, rotate aviewing perspective around a subject of a photograph, rotate a 3Drendering of the subject of a photograph, and/or view an animatedversion of the photograph. In some embodiments, gesture-based controlsmay be used to facilitate interaction with augmented photographinformation.

FIGS. 2 a-2 b illustrate examples of gesture-based interactive controlof augmenting information associated with a photograph 102 consistentwith certain embodiments of the present disclosure. Such gesture-basedcontrols may include, for example and without limitation, one or moreof:

-   -   Zoom and Pinch—Using zoom and pinch gestures, a user may enlarge        and/or narrow augmenting information associated with the        photograph 102 and/or areas of the photograph itself.    -   Rotate—Using a rotate gesture, a user may view augmenting        information associated with a backside of an object included in        a photograph 102 (e.g., the back of a subject's head), rotate a        3D representation of an object 110 included in the photograph,        and/or the like.    -   Animate—Using an animate gesture, a user may play a 3D moving        rendering which can show movements in a scene shown in a        photograph 102 captured by a capturing device.

Augmenting information may be generated and/or otherwise captured in avariety of ways. For example, to capture panoramic view augmentedinformation, a photographer may rotate a camera around a single point tocapture a 360-degree view of a location. In another example, to capturecertain 3D images, a photographer may rotate a camera around an object(e.g., a person's head) until multiple perspectives of the object havebeen captured.

Embodiments of the disclosed systems and methods may be employed in avariety of applications, contexts, and/or use cases. In a firstnon-limiting example, a couple may take a photo of a family outing usinga panoramic photo application. They can either print the photo on apiece of paper or view it on a computer screen. In either case, whenthey view the image through an AR device, the device may render a 3Dimage associated with the photo. Using gesture-based controls, thecouple may interact with the image to see it from multiple perspectivesthat were captured by the panoramic photo application.

In another non-limiting example, a suspicious individual may attempt topass a security checkpoint. A security guard may view the individual'sphotograph on an ID card. Without using an AR device, the suspiciousindividual may look similar to hundreds of other similar looking people.However, using an AR device, the security guard can access watermarkinformation to view a 3D view of the individual that they can zoom in onand/or otherwise enhance. The security guard may notice that thesuspicious individual has different features that the individualassociated with the ID card, and may thus stop the suspicious individualfrom using the likely stolen card.

In yet another non-limiting example, a group of coworkers may attempt todocument the results of a meeting. They may wish to share their notesfrom the meeting without fear of trade secret theft. Photographs oftheir notes may be encrypted with a passcode and access may berestricted to only the members of the team and/or others with accesspermissions.

Managing Access Authorization to Supplemental Information

In various disclosed embodiments, access to supplemental informationand/or content may be managed using authentication processes implementedby the device and/or one or more services. For example, in someembodiments, a device may read watermark information encoded inwatermark and exchange authentication credentials with a service toretrieve associated supplementary information. By managing thedistribution of supplementary information using authenticationprocesses, a service may operate to ensure that only authorized usersand/or devices are granted access to protected and/or otherwise securesupplemental information.

FIG. 3 illustrates an example of authenticating access to supplementalinformation 306 associated with content by a device 106 throughinteracting with a service 108 consistent with certain embodiments ofthe present disclosure. In certain embodiments, various watermarkingtechniques described herein may be used in connection with contentcomprising an identification card 300. The identification card 300 maycomprise, for example and without limitation, a photograph of anindividual, various characteristics associated with the individual(e.g., height, weight, hair color, eye color, gender identity, name,address, etc.), certain rights and/or authorizations associated with theindividual, and/or the like.

Consistent with embodiments disclosed herein, the identification card300 may further comprise one or more watermarks 100. In someembodiments, one or more watermarks may be embedded and/or otherwiseincluded in a photo printed on an identification card 300 and/orotherwise be integral and/or embedded in information included on thecard 300. In further embodiments, the identification card 300 maycomprise one or more discrete watermarks that may be printed on the card300 separately from other information (e.g., separate from photographsand/or other information).

In some embodiments, as discussed in more detail below, theidentification card 300 may comprise one or more wireless presenceindicating components. For example, the identification card 300 maycomprise a relatively short-range presence indicating component such as,for example and without limitation, radio-frequency identification(“RFID”) and/or NFC responders and/or chips that, in some instances, maycomprise secure elements. In further embodiments, other wirelesstechnologies may be employed for presence and/or proximity detectionand/or determination including, for example and without limitation,WiFi, Bluetooth®, UWB beacons, Zigbee®, and/or the like. In certainembodiments, the identification card 300 may further comprise storage,which may be used to store encrypted identification and/or supplementalinformation, secure storage, which may be used to securely store keys,device identifiers, user identifiers, supplemental information, and/orthe like, one or more secure elements for cryptographic processing(e.g., associated with NFC communication components), and/or the like.

The device 106 may read, retrieve, and/or otherwise capture thewatermark 100 and/or associated encoded watermark information using oneor more watermark retrieval subsystems 302 of the device 106. In someembodiments, a camera may be used to capture the watermark 100 and/orassociated encoded watermark information, although other types ofwatermark retrieval subsystems 302 may also be used by the device 106.

In some embodiments, watermark information management services 308executing on the device 106 may extract watermark information 114 fromthe watermark 100 captured by the device 106. For example, in someembodiments, watermark information management services 308 may decodeencoded watermark information 114 from a watermark 100 captured by thedevice 106 (e.g., decode in accordance with a defined and/or recognizedencoding and/or decoding method). Watermark information managementservices 308 may extract watermark information 114 from the decodedwatermark information that may be used to retrieve supplementalinformation associated with the watermark from a service system 108. Forexample and without limitation, in some embodiments, watermarkinformation management services 308 executing on the device 106 may usedecoded information from a watermark 100 to identify a particularservice system 108 and may communicate watermark information 114included in the decoded information to the service system 108 that maybe used to identify and/or otherwise retrieve associated supplementalinformation 306.

Consistent with embodiments disclosed herein, in some embodiments,access and/or authentication management services 310 executing on thedevice 106 may further communicate authorization and/or authenticationinformation 304 and/or other rights information to the service system108 in connection with a request to retrieve specific supplementalinformation 306 associated with a watermark 100.

For example, in some embodiments, a user and/or device 106 may provideuser and/or device access credentials (e.g., a username and/orpassword), biometric credentials, access tokens, and/or the like to theservice system 108 as authorization information 304 in connection with arequest to retrieve supplemental information 306 associated with awatermark 100. The service system 108 may authenticate the request byexamining the authorization information 304 proffered by the device 106in connection with the request to determine whether the associated userand/or device has rights and/or authorization to access the supplementalinformation 306 associated with the watermark information 114. In someembodiments, the authorization information 304 may comprise one or morekeys associated with the device 106, an associated user, and/orcryptographic services 312 associated with the device that may be usedby the service system 108 to decrypt encrypted supplemental informationassociated with a request and/or watermark 100 before returning theinformation to the device 106.

If the user and/or device 106 has requisite rights and/or authorization,the service system 108 may return the supplemental information 306 tothe device 106. Using the device 106, a user may view the supplementalinformation 306, potentially in connection with the identification card300 (e.g., overlaid on a display of the device 106). In at least onenon-limiting example, the supplemental information 306 may comprisehigher resolution photograph information associated with theidentification card 300, allowing a user to examine certain usercharacteristics in more detail (e.g., using zooming operations and/orthe like). In further embodiments, the supplemental information 306 maycomprise confidential and/or otherwise restricted information about anindividual associated with the identification card 300 (e.g., priorcriminal history and/or records, banking information, electronic travelhistory, and/or the like). It will be appreciated that a variety oftypes of supplemental information 306 may be used in connection withvarious aspects of the disclosed embodiments, including any of the typesof supplemental and/or augmenting information described herein, and thatany suitable type of supplemental and/or augmenting information may beemployed in connection with the disclosed embodiments, which may varydepending on a particular application, context, and/or use case.

In certain embodiments, supplemental information 306 provided to adevice 106 by the service system 108 may be encrypted. The encryptedsupplemental information 306 may be decrypted by the device 106 using adecryption key associated with the user, device 106, and/orcryptographic services 312 executing on the device 106. Once decrypted,the supplemental information 306 may be displayed by the device 106and/or otherwise accessed by an associated user. In some embodimentswhere returned supplemental information 306 communicated to the device106 from the service system 108 is encrypted, the device 106 may notnecessarily provide authorization information 306 to the service system108 in connection with a request. Authenticated access control to thesupplemental information 306 may be still be maintained to a degree insuch an implementation, however, as only devices and/or users possessingrequisite cryptographic keys may decrypt the returned supplementalinformation 306.

Encrypted Watermark Information

In some embodiments, information encoded in a watermark may be encryptedand/or otherwise protected in a manner such that to decrypt and/ordecode the encoded watermark information, a user device may need topossess one or more associated decryption keys. Managing distribution,access, and/or use of the associated decryption keys may thus be used tomanage access to associated watermark information.

FIG. 4 illustrates an example of an interaction with a watermark 400including encrypted information consistent with certain embodiments ofthe present disclosure. In some embodiments, the watermark 400 may beassociated with an identification card 300, although other types ofassociated content may also be used in connection with the disclosedembodiments. The watermark 400 may be embedded and/or otherwise includedin content printed on the identification card (e.g., a photo) and/or maycomprise a discrete watermark, potentially in a specific location on theidentification card 300.

In some embodiments, the watermark 400 may encode supplementalinformation associated with the identification card 300 in an encryptedform. The device 106 may read, retrieve, and/or otherwise capture thewatermark 400 and/or associated encoded encrypted supplementalinformation using one or more watermark retrieval subsystems 302 of thedevice 106. For example and without limitation, in some embodiments, acamera may be used to capture the watermark 400 and/or associatedencoded encrypted supplemental information.

In some embodiments, the watermark 400 may further encode watermarkinformation 114 that may be used to identify, retrieve, and/or otherwiseaccess certain rights objects and/or keys associated with the encryptedsupplemental information encoded within the watermark 400. For example,the watermark information 114 may comprise information identifying aservice system 108 where a device 106 may retrieve decryption keysand/or other rights objects associated with the encrypted supplementalinformation. Watermark information management services 308 executing onthe device 106 may extract such watermark information 114 from thewatermark 400 captured by the device 106. The watermark informationmanagement services 308 may use the decoded information from a watermark400 to identify a particular service system 108 and may communicate thewatermark information 114 included in the decoded information as part ofa request to the service system 108 to access keys used to decrypt theencrypted supplemental information encoded in the watermark.

In various embodiments, access and/or authentication management services310 executing on the device 106 may further communicate authorizationand/or authentication information 304 and/or other rights information tothe service system 108 in connection with the request. For example, insome embodiments, a user and/or device 106 may provide user and/ordevice access credentials (e.g., a username and/or password), biometriccredentials, access tokens, and/or the like to the service system asauthorization information 304 in connection with a request issued to theservice system 108. The service system 108 may authenticate the requestby examining the authorization information 304 proffered by the device106 in connection with the request to determine whether the associateduser and/or device has rights and/or authorization to access thesupplemental information associated with the watermark information 114.

If the user and/or device 106 has requisite rights and/or authorization,the service system 108 may return the one or more decryption keys 402 tothe device 106, potentially via an encrypted and/or otherwise protectedchannel established between the service system 108 and/or the device106. The service system 108 may further provide the device withauthorization rights information 404 associated with the one or moredecryption keys 402 articulating one or more requirements associatedwith the use of the keys 402. For example and without limitation, insome embodiments, the authorization rights information 404 may compriseone or more policies associated with the use of the keys 402 by thedevice 106 and/or an associated user articulating associatedrequirements. A variety of policies may be used in connection with thedisclosed embodiments including, for example and without limitation,role-based policies, time-based policies, use and/or expirationpolicies, and/or any other suitable type of policy.

Using the one or more decryption keys 402 and/or the authorizationrights information 404, the device 106 and/or associated services maydecrypt the supplemental information encoded within the watermark 400.For example, the access and authorization management services 310 and/orthe cryptographic services 312 executing on the device 106 may determinewhether the user and/or device 106 is authorized to use the one or moredecryption keys 402 to decrypt the supplemental information encodedwithin the watermark 400 based on the authorization rights information404 provided by the service system 108. If the user and/or device isauthorized to use the one or more decryption keys 402, the cryptographicservices 312 may decrypt the supplemental information encoded in thewatermark 400 using the one or more decryption keys 402. Using thedevice 106, a user may view the supplemental information, potentially inconnection with the identification card 300 (e.g., overlaid on a displayof the device 106).

Proximity-Based Management of Supplemental Information

In certain embodiments, a watermark may comprise information that may beused to decrypt other information. For example, a watermark may beencoded with decryption key information. The decryption key informationencoded within the watermark may be used to decrypt encrypted content,which may be identified based on other watermark information encoded inthe watermark. In some embodiments, a decryption key encoded within awatermark may itself be protected via encryption.

FIG. 5 illustrates an example of an interaction with a watermark 500including decryption information consistent with certain embodiments ofthe present disclosure. In some embodiments, the watermark 500 may beassociated with an identification card 300, although other types ofassociated content may also be used in connection with the disclosedembodiments. The watermark 500 may be embedded and/or otherwise includedin content printed on the identification card (e.g., a photo) and/or maycomprise a discrete watermark, potentially in a specific location on theidentification card 300.

In some embodiments, the watermark 500 may encode one or morecryptographic decryption keys that may be used to decrypt certainsupplemental content. The device 106 may read, retrieve, and/orotherwise capture the watermark 500 and/or associated encoded keys usingone or more watermark retrieval subsystems 302 of the device 106. Forexample and without limitation, in some embodiments, a camera may beused to capture the watermark 500 and/or associated encoded keyinformation.

In some embodiments, the one or more keys encoded within the watermark500 may themselves be encrypted using one or more other keys. In thismanner, the watermark 500 and/or associated keys may be protected byother data and/or information. For example, as illustrated, theidentification card 300 may comprise an embedded NFC chip 502 and/orother proximity-based electronic component enabling storage ofinformation and/or communication of stored information from thecomponent.

In some embodiments, the NFC chip 502 may store one or morecryptographic keys that may be used to decrypt one or more encryptedkeys encoded within the watermark 500. Although various embodimentsand/or examples are described herein in connection with an NFC chip 502,it will be appreciated that a variety of other proximity-basedcommunication components and/or other systems operating in a similarmanner may also be used. One or more proximity detection and/orcommunication subsystems 504 included in and/or otherwise associatedwith the device 106 may be configured to retrieve the cryptographic keysstored by the NFC chip 502 when the identification card 300 and/or theNFC chip 502 are within a threshold proximity to the mobile device 106.Using the one or more keys provided by the NFC chip 502, cryptographicservices 312 executing on the device 106 may decrypt the one or moreencrypted keys retrieved from the watermark 500.

In some embodiments, the watermark 500 may further encode watermarkinformation 114 that may be used to identify supplemental contentassociated with the watermark 500 and/or the identification card 300.For example, watermark information 114 may encode informationidentifying a service system 108 where a device 106 may retrievesupplemental content associated with the watermark 500 and/or theidentification card 300. Watermark information management services 308executing on the device 106 may extract such watermark information 114from the watermark 500 captured by the device 106. The watermarkinformation management services 308 may use this information to identifya particular service system 108 and may communicate the watermarkinformation 114 included in the decoded information as part of a requestto the service system 108 for the associated supplemental content.Although not specifically illustrated in connection with FIG. 5 , accessand/or authentication management services 310 executing on the device106 may further communicate authorization and/or authenticationinformation and/or other rights information to the service system 108 inconnection with the request.

In response to the request, the service system 108 may return encryptedsupplemental information 506 corresponding to the watermark information114 provided in the request. In embodiments where authorization and/orauthentication information and/or other rights information are providedto the service system 108 in connection with the request, the servicesystem 108 may determine whether the user and/or device 106 haverequisite rights to access the encrypted supplemental information 506prior to returning the information 506 to the device 106.

Using the one or more decrypted keys retrieved from the watermark 500,the cryptographic services 312 may decrypt the encrypted supplementalinformation 506 received from the service system. Using the device 106,a user may view the decrypted supplemental information, potentially inconnection with the identification card 300 (e.g., in a manner where thesupplemental information is overlaid over the identification card 300when viewed via a display of the device 106 and/or the like).

Although in various embodiments described above the NFC chip 502 maystore one or more cryptographic keys used to decrypt one or moreencrypted keys encoded in the watermark 500, it will be appreciated thatin other embodiments, the NFC chip 502 may store encrypted keys that maybe decrypted by a key encoded in the watermark 500. For example, in someembodiments, the NFC chip 502 may store one or more cryptographic keysthat may be used to decrypt supplemental content. The keys stored by theNFC chip 502 may be encrypted using one or more keys encoded in thewatermark 500. By retrieving the keys encoded in the watermark 500, theuser device 106 may decrypt the encrypted keys stored by the NFC chip502 and use the decrypted keys to decrypt the encrypted supplementalinformation 506.

It will be appreciated that a number of variations can be made to thearchitecture, relationships, and examples presented in connection withFIGS. 1-5 within the scope of the inventive body of work. For example,various systems, subsystems, devices, and/or components and/orassociated functionalities described above may be integrated into asingle system, subsystem, device, component, and/or functional module,and/or any suitable combination of systems, subsystems, devices,components, and/or functional modules in any suitable configuration.Moreover, certain features and/or aspects shown in connection with oneexample of FIGS. 1-5 may be used in connection with certain featuresand/or aspects shown in connection with other examples shown in FIGS.1-5 . Thus, it will be appreciated that the architectures,relationships, and examples presented in connection with FIGS. 1-5 areprovided for purposes of illustration and explanation, and notlimitation.

Differential Watermarking

In some embodiments, watermarks having different reader and/or captureresolution requirements may be embedded within a single item of content(e.g., a single image). In such a way, a rudimentary form of “proximitysensing” may be employed using a visual identification image. Forexample, if a user were to hold an identification card containing amulti-watermarked image at a first distance from a device used to scanand/or otherwise read the watermarks, certain watermarks may be readableand provide access to a certain subset of low security supplementalinformation. Similarly, if a user were to hold the image closer to thedevice (or alternatively possibly by granting possession of it toanother party, such as a law enforcement officer or gate attendant forpurposes of scanning more closely), different watermarks may becomereadable, permitting access to additional supplemental information. Anowner of such an identification card may control viewing access to theircard in a manner that distinguishes between relatively close accessand/or more distance access.

Certain circumstances may require a copy and/or scan of anidentification card to be sent and/or otherwise transferred to anotherparty for recordation and/or inspection. When scanning a copy of anidentification card for such purposes, an owner of the identificationcard could choose to scan the card at a resolution that is low enoughsuch that certain watermarks used to access more secure data will not bereadable in the copy. In this manner, a user may manage access tosupplemental data encoded within and/or otherwise accessible usingcertain watermark data.

Managing Access to Supplemental Information Using Presence VerificationTechniques

In some embodiments, an identification card may be associated withsupplemental information, which in some instances may comprise ARinformation. As discussed above, n certain embodiments, anidentification card may be configured such that one or both ofinformation encoded in a watermark (e.g., a visual watermark) and/orinformation retrieved from a proximity-based wireless “mark” integratedon the identification card (e.g., provided by a near field RFID chip, anNFC chip, and/or the like) may be used to access the supplementalinformation. Such a configuration may provide enhanced presence and/orproximity checking capabilities in connection with watermark usage.

This combined approach of using visual watermarks in combination withproximity-based wireless communication techniques may help facilitatedeployment efforts and public acceptance of next generationidentification systems that employ greater interactivity and access topersonally identifiable information. For example, due to a variety offactors including, but not limited to, past historical events involvingoppressive governments employing extreme surveillance techniques ontheir citizens, fictional future dystopian novels depicting electronictracking of individuals, and/or general distrust of governments and/ortechnology, many members of the public may be hesitant to useidentification cards that can be passively monitored wirelessly.Moreover, in today's digital world, the ability to copy and distributeinformation also presents challenges to traditional identification usecases, where an individual needs to use identification information togain access to services, yet must also keep this information as privateas possible. By structuring access to information using a combination ofvisual proximity and wireless proximity techniques, many of theseperceived risks may be mitigated.

In at least one non-limiting example, access to more personalinformation and/or enhanced image data such as supplemental 3D and/or ARdata may be predicated on the receipt of information continued withinand/or derived from a higher resolution watermark and receipt ofinformation via a short-range wireless transmission channel from anidentification card. Merely walking past and/or being in proximity to anRFID, and NFC, and/or other shorter range wireless reader and/or longerrange wireless reader (e.g., UWB, WiFi, etc.) would not enable access tothe supplemental information unless a user also presents theiridentification card for visual watermark capture. This may, in somecircumstances, mitigate fears relating to passive wireless trackingand/or surveillance by governmental agencies, unauthorized thirdparties, malicious actors, and/or the like. Similarly, merely having aphotocopy and/or a low-resolution photographic image of theidentification card and/or viewing from a distance alone may not enableaccess to the supplementary information without also obtainingadditional information wirelessly. This may help mitigate concernsrelating to duplicating and/or otherwise distributing forged and/orunauthorized copies of identification cards.

In another non-limiting example, an identification card may comprise alower resolution watermark, a higher resolution watermark, and/or ashort-range wireless communication component. The lower resolutionwatermark may encode relatively basic and/or low security information,either encrypted (at least in part), and/or in the clear (e.g.,unencrypted). The higher resolution watermark may encode a token, rightsobject, and/or a key required to decrypt and/or access informationencoded within and/or identified by information encoded within the lowerresolution watermark. The short-range wireless communication componentmay store and/or provide a cryptographic key that may be used to decryptinformation included in one or more of the watermarks and/or a securetoken that may be redeemed via a service to request time-expiring rightsto view supplemental content using a certified and/or otherwise trustedviewing device and/or software module.

As discussed in various examples and/or embodiments detailed above,supplemental information may be stored and/or otherwise managed by aservice system, which may comprise a network connected service system(e.g., a cloud service system and/or the like) and/or may be stored onan identification card and/or content item itself via a watermark and/ora short-range wireless communication component (e.g., an NFC chip). Insome embodiments, the supplemental information may be stored as anencrypted file and/or protected via storage and/or management in securememory.

In some embodiments, proximity of a user device and an identificationcard and/or other content item may be further confirmed by a wirelessround trip time test. For example, a cryptographic challenge-responsetest may be issued for completion within a specified threshold timeperiod. In further embodiments, proximity of a user device and anidentification card and/or other content item may be confirmed using theabove techniques and and/or further incorporating a reverse Turing testcommunicated to a current user of the user device to confirm that ahuman user is actively involved in the process, thereby mitigating orrestricting the use of certain passive requests for supplementalinformation and/or machine-generated replay requests.

Authorization to access supplemental information may be granted based onone or more authorization levels. For example, in some embodiments,access to an image of an identification card may grant a first level ofaccess (e.g., based on information encoded in a lower quality but highlyreliability and/or reproducible watermark). This level of access mayallow for data to be accessed that may be readily discernable fromviewing the identification card such as, for example and withoutlimitation, keyword information and/or metadata relating to a user(e.g., hair color, eye color, gender, etc.).

Access to information provided by a short-range wireless communicationcomponent may provide access to information that may be used to requestadditional information about an individual (e.g., a token), and/oraccess to information that may enable acquiring the information from thewatermarked image (if it were to become available at a later time). If atoken is used, the token may be able to be redeemed (e.g., redeemed withapproval) for a time-expiring license to view the supplementalinformation. If a key is employed, the key may be used with informationfrom the watermark to access basic information.

FIG. 6 illustrates a flow chart of an example of a method 600 ofmanaging access to supplemental information associated with contentconsistent with certain embodiments disclosed herein. The illustratedmethod 600 may be implemented in a variety of ways, including usingsoftware, firmware, hardware, and/or any combination thereof. In certainembodiments, various aspects of the method 600 and/or its constituentsteps may be performed by a user device, a service system, and/or anyother suitable device, system, and/or service or combination of devices,systems, and/or services.

At 602, an image of a watermark associated with a content item may becaptured by a sensor system of the user device. For example, a camerasystem of the user device may be used to capture the image of thewatermark. Other sensor systems may also be used including, for exampleand without limitation, an infrared sensor system. The content item maycomprise, for example and without limitation, a photograph, andidentification card, and/or the like.

First watermark information encoded in the watermark may be retrievedfrom the captured image of the watermark at 604. At 606, a firstcryptographic key may be extracted from the first watermark information.In some embodiments, the first cryptographic key may be included in thefirst watermark information in the clear and/or otherwise in anunencrypted form. In further embodiments, the first cryptographic keymay be included in the first watermark information in an encrypted form.

If the first cryptographic key is encrypted, extracting the key maycomprise decrypting the key using a second cryptographic key. The secondcryptographic key may be a key associated with a user of the deviceand/or the device itself and/or may comprise a key provisioned to thedevice by the service system that also provisions supplementaryinformation associated with the content and/or by a separate serviceand/or system. In some embodiments, the second cryptographic key may bereceived from a wireless communication component associated with thecontent item. In certain embodiments, the component may comprise aproximity-based wireless communication component such as, for exampleand without limitation, an NFC chip and/or a RFID chip.

At 608, second watermark information encoded in the image of thewatermark may be retrieved. In some embodiments, the second watermarkinformation may comprise information used to retrieve encryptedsupplemental content from a service system. In some embodiments, thesecond watermark information may identify the service system and/orsupplemental content, which may be encrypted, associated with thewatermark and/or content item.

A request may be sent from the user device to the service system for theencrypted supplemental content at 610, and the service system maycommunicate the encrypted supplemental content to the user device inresponse to the request at 612. At 614, the encrypted supplementalcontent may be decrypted by the user device using the firstcryptographic key. The supplemental content may comprise, for exampleand without limitation, at least one of metadata information, imageinformation, text information, personal information, VR information, ARinformation, and/or the like. The decrypted supplemental content may bedisplayed on a display of the user device at 616.

Watermark Binding and Ledger Checking

In various embodiments, systems and methods disclosed herein may performvarious checking operations to determine whether watermarks andassociated content items have one or more defined relationships. Thismay, among other things, allow for relatively secure bindings to beestablished between watermarks and associated content items and/orfacilitate checking to identify when watermarks and/or associatedcontent items have been tampered with and/or otherwise modified.

FIG. 7 illustrates a flow chart of an example of a method 700 ofaccessing supplemental information associated with content usingsecurely bound watermarks consistent with certain embodiments disclosedherein. The illustrated method 700 may be implemented in a variety ofways, including using software, firmware, hardware, and/or anycombination thereof. In certain embodiments, various aspects of themethod 700 and/or its constituent steps may be performed by a userdevice, a service system, and/or any other suitable device, system,and/or service or combination of devices, systems, and/or services.

At 702, at image of a watermark and associated content item may becaptured by a sensor system of a user device (e.g., a camera sensorsystem, an infrared sensor system, and/or the like). For example, animage of a watermark and an associated photograph printed on a contentitem may be captured by a camera system of the device.

Watermark information encoded in the watermark may be retrieved from thecaptured image of the watermark and associated content item at 704. At706, data may be received from a wireless communication componentassociated with the content item such as, for example and withoutlimitation, a proximity-based wireless communication component. Theproximity-based wireless communication component may comprise, forexample and without limitation, an NFC chip and/or an RFID chip.

In some embodiments, the watermark information may be encrypted and/orotherwise encoded in a protected form and/or may require otherinformation for decryption and/or decoding. The data received from thewireless communication component may be used to decrypt and/or otherwisedecode the watermark information at 708. For example and withoutlimitation, in some embodiments, the data received from the wirelesscommunication component may comprise a cryptographic key that may beused to decrypt the watermark information.

At 710, information relating to the captured image of the watermark andthe associated content item may be analyzed to identify variouscharacteristics associated with the content item and/or the watermark. Avariety of characteristics may be identified including, for example andwithout limitation, hashes of associated information encoded in thewatermark and/or content item and/or portions thereof, certain featuresand/or other characteristics of the watermark and/or content item and/orportions thereof, and/or the like. In various embodiments, suchcharacteristics may have certain defined relationships if a watermark issecurely bound to a content item and/or the watermark and/or contentitem have not been altered and/or tampered with.

One or more identified characteristics of the content item and/or theassociated watermark information and/or identified characteristics ofthe watermark may be compared at 712. In certain embodiments, this mayfunction as a check to determine whether a watermark is securely boundto an image and/or is otherwise bound to an image in a particular way.That is, the comparison at 712 may function as a check to determinewhether watermarks and associated content items have one or more definedrelationships.

While in some embodiments and/or implementations the comparison maycheck whether the identified characteristics of the content item and/orthe associated watermark information and/or identified characteristicsof the watermark match, in further embodiments the comparison may checkwhether the identified characteristics of the content item and/or theassociated watermark information and/or identified characteristics ofthe watermark are within certain thresholds. In at least onenon-limiting example, it may be determined whether a hash of thewatermark information and/or a portion thereof matches a hash of atleast a portion of the identified characteristics of the content item.If it is determined at 714 that hashes match (and/or other comparedcharacteristics are within certain thresholds), it may be determinedthat the watermark and the associated content are securely bound and/orhave not been altered and/or tampered with. Although not specificallyillustrated, in some embodiments, the method 700 may similarly check abinding between the watermark information and/or the data received fromthe wireless communication component.

At 716, a binding value may be generated based on at least a portion ofthe watermark information and/or associated characteristics and/orinformation associated with the content item and/or a portion thereof(e.g., one or more identified characteristics of the content item, datareceived from the wireless communication component, etc.). A variety ofbinding values and/or associated methods for generating a binding valuemay be used in connection with various disclosed embodiments. In atleast one non-limiting example, a binding value may be generated bygenerating a hash using a combination of a hash of at least a portion ofwatermark information and a hash of the identified characteristicsand/or information associated with the content item and/or a portionthereof. It will be appreciated, however, that a variety of othertechniques of generating a binding value may also be employed.

A query may be generated and issued to a service system at 718 thatcomprises the binding data. The service system, which may comprise asystem maintaining a registration and/or database of currentassociations between watermarks and/or content items employingassociated binding data, may determine whether the binding data issuedin the query is included in a database. In some embodiments, thedatabase may comprise a trusted ledger such as, for example and withoutlimitation, a blockchain ledger and/or a blockchain derivative ledger,although other suitable types of databases may also be used. The servicesystem may issue a response indicating whether the binding data isincluded in the database maintained by the service.

At 720, it may be determined whether the binding data is trusted and/orotherwise represents a valid and/or registered association between awatermark and a content item based on the response received from theservice system. If the binding data is trusted and/or otherwiserepresents a valid and/or registered association between a watermark anda content item, the user device may access supplemental content at 722consistent with various disclosed embodiments (potentially accessingsupplemental content from the service system performing binding valuechecks and/or a separate service system) using one or more of thewatermark information, the data from the wireless communicationcomponent, the binding data, and/or the like and/or portions thereof

Key Generation Based on Proximity-Based Communication Components andWatermarks

In some embodiments, cryptographic keys may be generated based oninformation retrieved from proximity-based communication componentsand/or watermark information encoded within watermarks associated with acontent item. For example and without limitation, in at least onenon-limiting embodiment, a hash of watermark information and/or aportion thereof and a hash of information included in an image of acontent item and/or portions thereof may be generated. These hashes maybe combined in a suitable manner to generate a cryptographic key. Forexample, the hashes may be combined and hashed together to generate acryptographic key. In another non-limiting example, a hash of thewatermark information and/or a portion thereof and a hash of informationreceived from a wireless component associated with a content item and/orportions thereof may be generated. These hashes may be combined in asuitable manner to generate a cryptographic key. In this manner, a keymay be generated based on the information retrieved from proximity-basedcommunication components and/or watermark information encoded withinwatermarks associated with a content item. The generated key may be usedin connection with a variety of cryptographic operations, including anyof the cryptographic operations described herein.

FIG. 8 illustrates an example of a system 800 that may be used toimplement certain embodiments of the systems and methods of the presentdisclosure. The system 800 may comprise a variety of computing devicesand/or systems, including any computing system suitable to implement thesystems and methods disclosed herein. In various embodiments, the system800 may comprise a system and/or device associated with a user and/orservice system, and/or any other service, system, device, applicationand/or component configured to implement aspects of the embodiments ofthe disclosed systems and methods.

As illustrated in FIG. 7 , the example system 800 may comprise: aprocessing unit 802; system memory 804, which may include high speedrandom access memory (“RAM”), non-volatile memory (“ROM”), and/or one ormore bulk non-volatile computer-readable storage mediums (e.g., a harddisk, flash memory, etc.), which may be non-transitory, for storingprograms and other data for use and execution by the processing unit802; a port 806 for interfacing with removable memory 808 that mayinclude one or more diskettes, optical storage mediums (e.g., flashmemory, thumb drives, USB dongles, compact discs, DVDs, etc.) and/orother computer-readable storage mediums, which may be non-transitory; anetwork interface 810 for communicating with other devices and/orsystems via one or more network connections and/or networks 812 usingone or more communication technologies; a user interface 814 that mayinclude a display and/or one or more input/output devices such as, forexample, a touchscreen, a keyboard, a mouse, a track pad, and the like;and one or more busses 816 for communicatively coupling the elements ofthe system. The system may further include one or more watermarkretrieval subsystems and/or sensor systems 834 (e.g., a camera) and/orone or more proximity-based wireless communication and/or detectionsubsystems 836.

In some embodiments, the system 800 may, alternatively or in addition,include a TEE and/or an SPU 818 that is protected from tampering by auser of the system or other entities by utilizing secure physical and/orvirtual security techniques. A TEE and/or a SPU 818 can help enhance thesecurity of sensitive operations such as personal informationmanagement, trusted credential and/or key management, privacy and policymanagement, and other aspects of the systems and methods disclosedherein. In certain embodiments, the TEE and/or SPU 818 may operate in alogically secure processing domain and be configured to protect andoperate on secret information, as described herein. In some embodiments,the TEE and/or a SPU 818 may include internal memory storing executableinstructions or programs configured to enable the TEE and/or SPU 818 toperform secure operations, as described herein.

The operation of the system 800 may be generally controlled by theprocessing unit 802, TEE, and/or an SPU 818 operating by executingsoftware instructions and programs stored in the system memory 804(and/or other computer-readable media, such as memory 808, which may beremovable). The system memory 804 may store a variety of executableprograms or modules for controlling the operation of the system. Forexample, the system memory may include an operating system (“OS”) 820that may manage and coordinate, at least in part, system hardwareresources and provide for common services for execution of variousapplications and a trust and privacy management system 822 forimplementing trust and privacy management functionality includingprotection and/or management of secure data through management and/orenforcement of associated policies.

The system memory 804 may further include, without limitation,communication software 824 configured to enable in part communicationwith and by the system, one or more applications, cryptographic services312 configured to perform various secure cryptographic functionsconsistent with embodiments disclosed herein, watermark informationmanagement services 308, access and/or authentication managementservices 310, and/or any other information, modules, and/or applicationsconfigured to implement embodiments of the systems and methods disclosedherein.

The systems and methods disclosed herein are not inherently related toany particular computer, electronic control unit, or other apparatus andmay be implemented by a suitable combination of hardware, software,and/or firmware. Software implementations may include one or morecomputer programs comprising executable code/instructions that, whenexecuted by a processor, may cause the processor to perform a methoddefined at least in part by the executable instructions. The computerprogram can be written in any form of programming language, includingcompiled or interpreted languages, and can be deployed in any form,including as a standalone program or as a module, component, subroutine,or other unit suitable for use in a computing environment. Further, acomputer program can be deployed to be executed on one computer or onmultiple computers at one site or distributed across multiple sites andinterconnected by a communication network.

Software embodiments may be implemented as a computer program productthat comprises a non-transitory storage medium configured to storecomputer programs and instructions, that when executed by a processor,are configured to cause the processor to perform a method according tothe instructions. In certain embodiments, the non-transitory storagemedium may take any form capable of storing processor-readableinstructions on a non-transitory storage medium. A non-transitorystorage medium may be embodied by a compact disk, digital-video disk, amagnetic disk, flash memory, integrated circuits, or any othernon-transitory digital processing apparatus memory device.

Although the foregoing has been described in some detail for purposes ofclarity, it will be apparent that certain changes and modifications maybe made without departing from the principles thereof. It should benoted that there are many alternative ways of implementing both thesystems and methods described herein. Accordingly, the presentembodiments are to be considered as illustrative and not restrictive,and the invention is not to be limited to the details given herein butmay be modified with the scope and equivalents of the appended claims.

What is claimed is:
 1. A method for managing access to supplementalelectronic content associated with a content item performed by a userdevice comprising a processor and a computer-readable storage mediumstoring instructions that, when executed by the processor, cause theuser device to perform the method, the method comprising: capturing,using a sensor system of the user device, an image of a watermarkassociated with the content item; retrieving, from the image of thewatermark, first watermark information encoded in the image; extracting,from the first watermark information, a first cryptographic key;retrieving, from the image of the watermark, second watermarkinformation encoded in the image, the second watermark informationcomprising information used to retrieve encrypted supplementalelectronic content from a service system; sending a request to theservice system based on the second watermark information for theencrypted supplemental electronic content; receiving, from the servicesystem in response to the request, the encrypted supplemental electroniccontent; decrypting the encrypted supplemental electronic content usingthe first cryptographic key; and displaying the decrypted supplementalelectronic content on a display of the user device.
 2. The method ofclaim 1, wherein the second watermark information identifies the servicesystem.
 3. The method of claim 1, wherein the second watermarkinformation identifies the encrypted supplemental electronic content. 4.The method of claim 1, wherein the first watermark information comprisesthe first cryptographic key in clear text.
 5. The method of claim 1,wherein the first watermark information comprises the firstcryptographic key in an encrypted form.
 6. The method of claim 5,wherein extracting the first cryptographic key comprises decrypting thefirst cryptographic key using a second cryptographic key.
 7. The methodof claim 6, wherein the second cryptographic key is associated with auser of the device.
 8. The method of claim 6, wherein the secondcryptographic key is associated with the device.
 9. The method of claim6, wherein the second cryptographic key is provisioned to the devicefrom the service system.
 10. The method of claim 6, wherein the secondcryptographic key is provisioned to the device from a service separatefrom the service system.
 11. The method of claim 6, wherein extractingthe first cryptographic key further comprises receiving, by the userdevice, the second cryptographic key from a wireless communicationcomponent associated with the content item.
 12. The method of claim 11,wherein the wireless communication component comprises a proximity-basedwireless communication component.
 13. The method of claim 12, whereinthe proximity-based wireless communication component comprises at leastone of a near field communication chip and a radio-frequencyidentification chip.
 14. The method of claim 1, wherein the content itemcomprises an identification card.
 15. The method of claim 1, wherein thecontent item comprises a photograph.
 16. The method of claim 1, whereinthe supplemental electronic content comprises at least one of metadatainformation, image information, text information, personal information,virtual reality information, and augmented reality information.
 17. Themethod of claim 1, wherein the sensor system of the user devicecomprises a camera system.